The CIA Triad and Access Control principles 

Sometimes referred to as the AIC triad to avoid confusion with the CIA agency, Availability, Integrity, and Confidentiality form the backbone of cybersecurity, ensuring data is protected, accurate, and available in a timely manner only to those who should have it. Confidentiality is the set of rules that limit access to information, integrity assures that information is trustworthy and accurate, and availability ensures reliable access to that information, but only for those allowed to access it (Chai, 2022). Each principle plays a vital role in cybersecurity and can be elaborated further with specific examples.

Users who have access to particularly sensitive data should receive extra training on the risks involved in handling that data as well as on methods to safeguard against those risks. Confidentiality also suggests that users in such a position should be trained on password best practices, such as using a strong password and not sharing it or writing it down anywhere it could be found, as well as on tools such as two-factor authentication, security tokens, or an “air-gapped” computer. An air-gapped computer is a PC that is isolated from the network and from the other computers connected to it (Flinders & Smalley, 2025).

Imagine a hospital storing critical patient data on a secure server. Integrity plays a vital role in ensuring this data remains accurate and unaltered, protecting it from both human error and external manipulation. At its core, digital data consists of 0s and 1s, stored and processed as electrical charges within capacitors. This physical representation makes it vulnerable to unintended alterations, such as those caused by electromagnetic pulses, which can disrupt the integrity of stored information. Maintaining data integrity means using version control, checksums for verification, backups for redundancy, and even “digital signatures for nonrepudiation measures” (Chai, 2022). This way damaged data can be restored, alterations can be detected, and users are held accountable for their actions within the environment.
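As an added illustration of the checksum and versioning measures above (example code written for this page, not from the cited sources), the following keeps a version history of a patient record where each version carries a plain SHA-256 checksum and a keyed HMAC. The patient record, the bit position flipped, and the key handling are all constructed for the example; Python's standard library has no asymmetric signing, so the HMAC stands in for the signature step, with the caveat noted after the block.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample record; every value here is made up for this example.
PATIENT_RECORD = {
    "patient_id": "P-0001",
    "name": "Example Patient",
    "blood_type": "O+",
    "allergies": ["penicillin"],
}


def serialize(record: dict) -> bytes:
    """Deterministic encoding so identical content always yields identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256: detects accidental corruption (bit flips, truncated writes)."""
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256: also detects deliberate edits by anyone who lacks the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit hardware fault in the stored bytes."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


class VersionedStore:
    """Append-only version history; each version stores its checksum and its MAC."""

    def __init__(self, key: bytes):
        self.key = key
        self.versions = []  # each entry: {"data": bytes, "sha256": str, "hmac": str}

    def write(self, record: dict) -> int:
        data = serialize(record)
        self.versions.append(
            {"data": data, "sha256": checksum(data), "hmac": mac(self.key, data)}
        )
        return len(self.versions) - 1

    def verify(self, version: int) -> dict:
        v = self.versions[version]
        return {
            "checksum_ok": hmac.compare_digest(checksum(v["data"]), v["sha256"]),
            "mac_ok": hmac.compare_digest(mac(self.key, v["data"]), v["hmac"]),
        }


def demo() -> dict:
    """Three cases: accidental corruption, deliberate tampering, and an intact version."""
    store = VersionedStore(key=secrets.token_bytes(32))

    # 1. Accidental corruption: one bit of the stored bytes flips (constructed position).
    v0 = store.write(PATIENT_RECORD)
    store.versions[v0]["data"] = flip_bit(store.versions[v0]["data"], 37)
    accidental = store.verify(v0)

    # 2. Deliberate edit by someone who can write the row but does not hold the key:
    #    the data is changed AND the plain checksum recomputed to hide the change.
    v1 = store.write(PATIENT_RECORD)
    tampered = serialize(dict(PATIENT_RECORD, blood_type="AB-"))
    store.versions[v1]["data"] = tampered
    store.versions[v1]["sha256"] = checksum(tampered)
    deliberate = store.verify(v1)

    # 3. An untouched version verifies on both counts.
    v2 = store.write(PATIENT_RECORD)
    intact = store.verify(v2)
    return {"accidental": accidental, "deliberate": deliberate, "intact": intact}


if __name__ == "__main__":
    print(demo())
```

The second case is the one to notice: a bare checksum only catches accidents, because whoever can rewrite the record can rewrite its hash too, so detecting manipulation needs a secret the writer does not have. HMAC provides that detection but not nonrepudiation, since everyone holding the key can produce a valid tag; replacing `mac` with a private-key digital signature is what gives the accountability the text mentions.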

What good would protecting data and ensuring its validity do if it were unavailable to those who needed it most? To ensure availability of crucial data, both hardware and software systems must be maintained on a regular schedule. Hardware should be kept up so that the operating system environment functions properly, is free of software conflicts, and provides enough bandwidth to prevent bottlenecks in communication. For the worst case, a plan must be in place to recover from an attack and restore business operations. Additional measures include RAID, failover, and other forms of redundancy. Monitoring systems should be used so that a breach is quickly discovered and the incident response plan put into action.
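To make the failover and monitoring points concrete, here is an added example (written for this page, not from the cited sources) that serves a read from the first of several replicas that answers, while a monitor records every failed replica and flags when redundancy drops below the level the recovery plan assumes. Replica names, the record set, and the health flags are constructed; a real deployment would probe the nodes rather than read a boolean.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Replica:
    name: str
    up: bool = True  # constructed health flag; a real deployment would probe the node


@dataclass
class Monitor:
    """Collects alerts so that failover never hides a degraded system from operators."""
    alerts: List[str] = field(default_factory=list)

    def alert(self, msg: str) -> None:
        self.alerts.append(msg)


def check_redundancy(replicas: List[Replica], monitor: Monitor, min_up: int = 2) -> int:
    """Periodic health sweep: returns the number of live replicas and raises an alert
    when fewer than `min_up` remain, i.e. when one more failure would mean an outage."""
    up = sum(1 for r in replicas if r.up)
    if up < min_up:
        monitor.alert(f"redundancy degraded: {up}/{len(replicas)} replicas up")
    return up


def read_with_failover(key: str, replicas: List[Replica],
                       fetch: Callable[[Replica, str], str],
                       monitor: Monitor) -> Optional[Tuple[str, str]]:
    """Serve the read from the first replica that answers. Every failure is logged;
    returns (value, replica_name), or None when no replica could serve the request."""
    for r in replicas:
        try:
            return fetch(r, key), r.name
        except IOError as exc:
            monitor.alert(f"replica {r.name} failed during read of {key!r}: {exc}")
    monitor.alert(f"OUTAGE: no replica could serve {key!r}")
    return None


# Constructed sample: three replicas holding the same (made-up) record.
STORE: Dict[str, Dict[str, str]] = {
    "db-a": {"P-0001": "blood_type=O+"},
    "db-b": {"P-0001": "blood_type=O+"},
    "db-c": {"P-0001": "blood_type=O+"},
}


def fetch(replica: Replica, key: str) -> str:
    """Stand-in for a database read; a downed replica behaves like a refused connection."""
    if not replica.up:
        raise IOError("connection refused")
    return STORE[replica.name][key]


def scenario(down: List[str]) -> dict:
    """Take the named replicas offline, then run one read and one health sweep."""
    replicas = [Replica(n, up=n not in down) for n in STORE]
    monitor = Monitor()
    served = read_with_failover("P-0001", replicas, fetch, monitor)
    live = check_redundancy(replicas, monitor)
    return {
        "served_by": served[1] if served else None,
        "value": served[0] if served else None,
        "live": live,
        "alerts": monitor.alerts,
    }


if __name__ == "__main__":
    for down in ([], ["db-a"], ["db-a", "db-b"], ["db-a", "db-b", "db-c"]):
        print(down, scenario(down))
```

The point of pairing the two functions is that failover alone makes outages invisible: with `db-a` down the read still succeeds, and without the monitor nobody would learn that the system is one failure closer to the worst case the recovery plan exists for.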

Unfortunately, society is chaotic, and because of this, cybersecurity efforts must be made when building software that will store sensitive data. I personally tackled this cumbersome task with the last Android application I constructed. In a protected system, it is important that anyone manipulating data is properly identified. There are many methods of authentication, and most people online are exposed to them regularly, including email/password, two-factor authentication that sends a text to your phone, an application where you tap “Yes/No”, or perhaps an SSH key.

Authentication is verifying who you are, while authorization focuses on what you are allowed to do within the environment. Everyone entering my application had to be authenticated, and if they elected to use the “Continue as a guest” function I provided, they were not authorized to post data to the database. This was essential to protecting my resources, as storing data on a server costs money and I only wanted genuine users creating authentic content. Authorization was a very important concept within that environment due to my integration of social-media-like features such as messaging. I placed policies in my database rules so that users could only delete data they themselves created; this way user 1 couldn’t modify or delete a recipe user 2 posted, although as the server owner I could modify anyone’s data if necessary. I also allowed groups to be formed, and groups could have moderators with control over all the posts within that group. Authentication and then authorization would present certain users with a different GUI showing their escalated privileges.
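The policy described above, as an added example written for this page rather than the author's own database rules: an authenticated principal (a guest session has no user id) is checked against a single decision function for create, update and delete, and the GUI's menu is derived from the same function so it shows escalated privileges without ever granting any. Role names, user ids, post ids and the group name are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Role names are assumed for this example.
GUEST, MEMBER, OWNER = "guest", "member", "owner"


@dataclass(frozen=True)
class Principal:
    """Outcome of authentication: who the session is. uid is None for 'Continue as a guest'."""
    uid: Optional[str]
    role: str = GUEST
    moderated_groups: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Post:
    post_id: str
    author_uid: str
    group_id: Optional[str] = None  # None = personal post; otherwise the group it belongs to


def authorize(p: Principal, action: str, post: Optional[Post] = None) -> bool:
    """Single policy decision point; every write path must call this server-side."""
    if action == "read":
        return True                      # everyone, guests included, may read
    if p.uid is None or p.role == GUEST:
        return False                     # guests are authenticated but may not write
    if p.role == OWNER:
        return True                      # the server owner may change anyone's data
    if action == "create":
        return True                      # any authenticated member may post
    if action in ("update", "delete") and post is not None:
        if post.author_uid == p.uid:
            return True                  # users control the data they created
        if post.group_id is not None and post.group_id in p.moderated_groups:
            return True                  # moderators control posts within their group
    return False


def ui_actions(p: Principal, post: Post) -> FrozenSet[str]:
    """Menu items to render for this user on this post. Derived from the policy so the
    GUI reflects escalated privileges; hiding a button is never the enforcement."""
    return frozenset(a for a in ("read", "update", "delete") if authorize(p, a, post))


# Constructed sample principals and posts (all ids made up).
GUEST_SESSION = Principal(uid=None)
USER1 = Principal(uid="u1", role=MEMBER)
USER2 = Principal(uid="u2", role=MEMBER)
MODERATOR = Principal(uid="u3", role=MEMBER, moderated_groups=frozenset({"g-cooking"}))
SERVER_OWNER = Principal(uid="u0", role=OWNER)

RECIPE_BY_USER2 = Post(post_id="r1", author_uid="u2")
GROUP_RECIPE_BY_USER2 = Post(post_id="r2", author_uid="u2", group_id="g-cooking")


if __name__ == "__main__":
    sessions = [("guest", GUEST_SESSION), ("user1", USER1), ("user2", USER2),
                ("moderator", MODERATOR), ("owner", SERVER_OWNER)]
    for label, p in sessions:
        print(f"{label:9} create={authorize(p, 'create')!s:5} "
              f"r1={sorted(ui_actions(p, RECIPE_BY_USER2))} "
              f"r2={sorted(ui_actions(p, GROUP_RECIPE_BY_USER2))}")
```

Keeping `authorize` as the one place the rules live is what makes the guest, owner and moderator cases consistent between the database and the screen; the moderator sees update and delete on the group recipe but only read on user 2's personal recipe, exactly as the rules intend.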

To conclude, the CIA triad and access control principles are fundamental to cybersecurity, ensuring data remains protected, accurate, and accessible only to authorized users. By implementing strong authentication and authorization measures, individuals and organizations can safeguard sensitive information from both internal misuse and external threats. As demonstrated in my own application, proper security protocols not only protect digital assets but also enhance user trust and system reliability. In an increasingly digitally connected world, understanding and applying these cybersecurity principles is essential for maintaining secure and robust systems.

References 

Chai, W. (2022, June). What is the CIA Triad? Definition, Explanation, Examples.  

Flinders, M., & Smalley, I. (2025, April 17). What is an air gap?. IBM. https://www.ibm.com/think/topics/air-gap#:~:text=Air%20gapping%20a%20computer%20or%20network%20means%20severely%20limiting%20or,to%20a%20few%20authorized%20users. 
